On 05/13/2015 07:40 PM, William Graboyes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi List,

I am trying to figure out a method of allowing users who do not have
shell access to change their own passwords.  The GUI that comes with
FreeIPA is out of the question due to the untrusted CA (yes I know we
are a strange shop, there is nothing I can do about it, and you would
want to gouge you eyes out if I told you the full story) becoming a
"Bad habit forming" method of changing one's password.  I have been
looking around for about a week now, and am somewhat lost and
perplexed. The old documentation for FreeIPA basically says that it is
not a good idea to manipulate the password directly in LDAP (and even
then finding what hash is being used has been next to impossible).

So the question is this, does anyone know of any tools out there that
can happily, or even with some modification, allow me to set up a
trusted external ssl site that allows users to change their passwords.

There is no external password reset self service in IPA yet. We will be starting to look into this effort during summer. Take a look at the bucket of tickets in the "FreeIPA Community Portal Release" here https://fedorahosted.org/freeipa/report/3.

What prevents you from making IPA trusted? You can chain IPA to your CA or use it CA-less with certs from your own CA.
Then UI would be an option I assume.

Other option is https://code.google.com/p/pwm/


Thanks,
Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVU+DdAAoJEJFMz73A1+zryTIP/1dLBYfMwSNkvICW8PToUkD6
MCQQt+yGblI2gqZiVm2NCHD4Lto4sDUJSdnQF++kcuCTd0u4P5twFR/LejIAa/Jc
bKCO7XSmfBEh/+ArVeUBSsoBec2V0h6x3i98mChD55DzuRJj4HiIxGgM1KdeAgaV
UdwI9wQEKOUCyHZyDVdEk/g+X1QMnNBPUXhdEiHtAkbqkxSan01iw2k1mGjfIOWU
NfOThdj7K9vE18YIKuJ7L/uztvNyAaj+ZsR1uKayYxlpgMalUJDHW1u3gX2MPELm
zpDWVj7mR0iZ78AJlSG0J7+ughBMq5jarlzdCYTHmFqe0dszmafDAdxIBKmWw+IW
/BXIMDTR/CjoPW4D65fewEcqIVrODDft6GNDg7aYa0dF8eiOjQM3wNUVjmgBESBK
ztcGuFID+bl96+GABuSo9OFS36/dKskhGK125gvpEgU8pWM4+POQDtWlHjFHw5Ml
1ZCZHxrQOp/drolh50uMTl6QrZSKt0U3Kikw+zzj5itAEtbhVrnfw7nvJHlhPsy/
7CG2WMv/iwXzif+ogSN6ClkOxSTqHftS2BW9uMP7meLNK0tRiCtTVSXSXIizTR96
ZbCb9zbETfHYj2KE3nLeKAeycaN15+8NK1YgVYEh+ZqbsgdFgD6src6X/NP3v3dX
kzyr3+tqYdDbgibcYyhd
=5KCr
-----END PGP SIGNATURE-----



--
Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to